A product under evaluation against the WLAN AS PP provides capabilities to select the set of audited events from the set of all auditable events, but the selectable attributes do not align precisely with the attributes specified in the SFR. In particular, the TOE does not provide a capability to select audited events based on administrator identity. It is not clear why the PP would want to specify a capability to exclude events based on administrator identity when much of the analysis and testing of the audit function centers on the capability to audit all administrative actions.

Resolution

The administrator identity attribute can be excluded from the list of attributes. The WLAN AS PP will be updated to remove “administrator identity” from the list of attributes in FAU_SEL.1.1.